• Resolved _OMEGA_

    (@_omega_)


    Hi I’m trying to create a form with a dropdown list where I can select a custom field of search.
    It’s embedded in a plugin that I’m developing, I have some values in my database and I want to display the results using a custom field (using a PHP form) from the objects in the database, so I wrote….
    This is the PHP form:

    <form method="get" id="plants" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    			    Kind of plants:<br />
    				<select name="id_plants">
    				<option value=""></option>
    				<option value="tree">Trees</option>
    				<option value="shrub">Shrubs</option>
    				<option value="bush">Bushes</option></select>
                    <br />
                    <input type="submit" value="View">
        			</form>

    And this is the query:
    $myplants = $wpdb->get_results("SELECT * FROM plants_table WHERE id_plants = '".$_GET['id_plants']."'");
    Unfortunately when I press “View” it returns to the homepage.
    The PHP Form and the database query are in the same file and in the same function.
    Any hints?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter _OMEGA_

    (@_omega_)

    up

    $myplants = $wpdb->get_results("SELECT * FROM plants_table WHERE id_plants = '".$_GET['id_plants']."'");

    This code may be used for SQL Injection attacks…
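The difference between the concatenated query quoted above and a bound parameter, as an added example that is not part of the thread or anyone's plugin code. It uses PDO with an in-memory SQLite table as a stand-in for the WordPress database (the rows and function names are constructed for illustration); in WordPress itself, `$wpdb->prepare()` with a `%s` placeholder does the binding.

```php
<?php
// Added example. Constructed in-memory table standing in for plants_table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE plants_table (id_plants TEXT, id_name TEXT)");
$db->exec("INSERT INTO plants_table VALUES
    ('tree', 'Oak'), ('shrub', 'Lilac'), ('bush', 'Holly')");

// The thread's pattern: the request value becomes part of the SQL text.
function find_concatenated(PDO $db, string $kind): array {
    $sql = "SELECT * FROM plants_table WHERE id_plants = '" . $kind . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value is sent as data and never parsed as SQL.
function find_prepared(PDO $db, string $kind): array {
    $stmt = $db->prepare("SELECT * FROM plants_table WHERE id_plants = ?");
    $stmt->execute([$kind]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request handler: only the three values the dropdown can send are accepted.
function handle_request(PDO $db, array $get): array {
    $allowed = ['tree', 'shrub', 'bush'];
    $kind = isset($get['id_plants']) && is_string($get['id_plants']) ? $get['id_plants'] : '';
    if (!in_array($kind, $allowed, true)) {
        return [];
    }
    return find_prepared($db, $kind);
}

// Constructed inputs: a legitimate value, and one whose quote changes the WHERE clause.
foreach (['bush', "x' OR '1'='1"] as $value) {
    printf("%-14s concatenated: %d  prepared: %d  handler: %d\n",
        '[' . $value . ']',
        count(find_concatenated($db, $value)),
        count(find_prepared($db, $value)),
        count(handle_request($db, ['id_plants' => $value])));
}
```

The second input matches every row through the concatenated query and no rows through the prepared statement or the allowlisting handler.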

    Thread Starter _OMEGA_

    (@_omega_)

    So if I was wrong how can I create the PHP form and the SQL query?
    I’ve been stuck there for 1 week and I’m going crazy

    Be cool.

    Try this plugin. It adds an HTML form to each content for testing.

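    <?php
    /*
    Plugin Name: Plants
    Plugin URI: https://www.example.com/
    Description: get a name of plants
    Author: ?
    Version: 0.00
    Author URI: https://www.example.com/
    */
    
    add_filter('the_content','show_list_plants');
    add_filter('the_content','get_plants');
    
    // Append the matching rows to the content when a plant kind was submitted.
    function get_plants($content){
    	global $wpdb; // the WordPress database object must be pulled into function scope
    	if(isset($_GET['id_plants'])){
    		$id_plants = sanitize_text_field(wp_unslash($_GET['id_plants']));
    		// prepare() binds the value as a %s string instead of concatenating it into the SQL
    		$myplants = $wpdb->get_results($wpdb->prepare("SELECT * FROM plants_table WHERE id_plants = %s", $id_plants));
    		/* $myplants = $id_plants; //for debug */
    		// get_results() returns an array of row objects: print each row, escaped for HTML
    		foreach((array) $myplants as $myplant){
    			$content .= '<p>'.esc_html(implode(', ', (array) $myplant)).'</p>';
    		}
    	}
    	return $content;
    }
    
    // Append the selection form to the content.
    function show_list_plants($content){
    	$html = '<form method="get" id="plants" action="'.esc_url(get_bloginfo('url')).'">';
    	$html .= <<<EOS
    	<p>Kind of plants:<br />
    	<select name="id_plants">
    		<option value=""></option>
    		<option value="tree">Trees</option>
    		<option value="shrub">Shrubs</option>
    		<option value="bush">Bushes</option>
    	</select>
    	<br />
    	<input type="submit" value="View"></p>
    </form>
    EOS;
    	return $content.$html;
    }
    ?>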

    Thread Starter _OMEGA_

    (@_omega_)

    Cool thank you, I’ll try!

    Thread Starter _OMEGA_

    (@_omega_)

    Thank you for the code but unfortunately I’m going crazy trying to modify and apply it to my case.

    Maybe I’m wrong but the code you gave me puts the PHP form in every page.

    I’ve created a dedicated page for the plugin and I don’t understand why if I select for example “Bushes” from the list and the address link is modified like the following:
    https://mylink/mydedicatedpage/?id_plants=Bushes

    instead of having the same page with the result I have the homepage.

    Thread Starter _OMEGA_

    (@_omega_)

    This is my entire function that has to be:

    <?php
    
    		  function display()
              {
    
    			  global $wpdb;
    			  $wpdbtest = new wpdb('DB_USERNAME', 'DB_PASSWORD', 'DB_NAME', 'localhost');
    			  $wpdbtest->show_errors();			
    
    ?>
    				<form method="get">
    			    Kind of plants:<br />
    				<select name="id_plants">
                        <option value=""></option>
                        <option value="tree">Trees</option>
                        <option value="shrub">Shrubs</option>
                        <option value="bush">Bushes</option></select>
                    <br />
                    <input type="submit" value="View">
        			</form>
    
    <?php
    
    			  	$myplants = $wpdbtest->get_results("SELECT *
    															FROM plants_table
    															WHERE id_plants = '".$_GET['id_plants']."'");
    
    					foreach ($myplants as $myplant) {
    					  echo $myplant->id_category, '<br />';
    					  echo $myplant->id_name, '<br />';
    // escape from PHP ... ?>
    
    						<img src="../plants/wp-content/plugins/plants_plugin/plants_images/uploads/<?php echo $myplant->id_image; ?>" width="250px" height="356px">
                            <br /><br />
    
    <?php // starting up PHP again...
    			  		}
              }
    
    ?>

    When I press the “View” button it sends me to the homepage with this address (for example if I choose Bushes):

    https://mylink/mydedicatedpage/?id_plants=Bushes

    So it doesn’t work, need help!! :'(

    Thread Starter _OMEGA_

    (@_omega_)

    Any help?
    Please it’s driving me crazy!!

    Thread Starter _OMEGA_

    (@_omega_)

    Hello??

    Please I need help, I can fix this problem!
    I don’t think that anyone can answer this question….

  • The topic ‘Dropdown list & MySQL Query’ is closed to new replies.